Enable secure RMI

Note: PPM does not enable SSL by default, because enabling it requires additional information from the user. However, we recommend that you enable it, especially in production environments, so that data is encrypted in transit. SSL protects sensitive information from eavesdropping, data tampering, and message forgery during transmission.

  1. Create a keystore for SSL to use.

    You can use the Java keytool application to create a keystore. For information about the keytool application, see the Oracle documentation online.

    The keystore password that you supply when you run keytool is the value you use to define KEY_STORE_PASSWORD.

  2. In the server.conf file, specify values for the following three parameters:

    • RMI_URL

    • Set the KEY_STORE_FILE parameter to point to the keystore file.

    • Set the KEY_STORE_PASSWORD to the keystore password you created in step 1. This password can be encrypted.

Example:

If you ran keytool to create the file security/keystore relative to the <PPM_Home> directory with the password "welcome", and the server runs on host "caboose" and listens on port 1099, your server.conf parameters would look as follows:

com.kintana.core.server.RMI_URL=rmis://caboose:1099/KintanaServer
com.kintana.core.server.KEY_STORE_FILE=security/keystore
com.kintana.core.server.KEY_STORE_PASSWORD=welcome

Note: It is not recommended to use self-signed certificates in production environments as they may negate the benefits of end-to-end security by decreasing the ability of a user to detect a man-in-the-middle (MITM) attack.
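The following audit script is an added example, not part of the PPM product or its documentation. It checks the three server.conf parameters from step 2 after the procedure is complete. It assumes `#` starts a comment line in server.conf; the file-permission check and the list of sample passwords are additions made here, and the function names are hypothetical.

```python
import os
import stat
import tempfile
from urllib.parse import urlsplit

PREFIX = "com.kintana.core.server."  # prefix as shown in the page's example
SAMPLE_PASSWORDS = {"welcome", "changeit", "password"}  # constructed list
EXAMPLE_CONF = (PREFIX + "RMI_URL=rmis://caboose:1099/KintanaServer\n"
                + PREFIX + "KEY_STORE_FILE=security/keystore\n"
                + PREFIX + "KEY_STORE_PASSWORD=welcome\n")  # values from the page

def parse_conf(text):
    """Parse key=value lines; blank lines and '#' comments (assumed) are skipped."""
    params = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            params[key.strip()] = value.strip()
    return params

def audit_secure_rmi(conf_text, ppm_home):
    """Return a list of findings; an empty list means every check passed."""
    params, findings = parse_conf(conf_text), []
    if urlsplit(params.get(PREFIX + "RMI_URL", "")).scheme != "rmis":
        findings.append("RMI_URL does not use the rmis:// scheme")
    ks = params.get(PREFIX + "KEY_STORE_FILE", "")
    # The page gives the keystore path relative to <PPM_Home>.
    ks_path = ks if os.path.isabs(ks) else os.path.join(ppm_home, ks)
    if not ks or not os.path.isfile(ks_path):
        findings.append("KEY_STORE_FILE is unset or the file is missing")
    elif os.stat(ks_path).st_mode & (stat.S_IRGRP | stat.S_IROTH):
        findings.append("keystore is readable by group or others")  # added check
    pw = params.get(PREFIX + "KEY_STORE_PASSWORD", "")
    if not pw:
        findings.append("KEY_STORE_PASSWORD is unset")
    elif pw.lower() in SAMPLE_PASSWORDS:
        findings.append("KEY_STORE_PASSWORD is a well-known sample value")
    return findings

def demo():
    """Audit the page's example values against a constructed <PPM_Home>."""
    with tempfile.TemporaryDirectory() as home:
        os.mkdir(os.path.join(home, "security"))
        path = os.path.join(home, "security", "keystore")
        open(path, "wb").close()  # constructed empty placeholder keystore
        os.chmod(path, 0o600)
        return audit_secure_rmi(EXAMPLE_CONF, home)

if __name__ == "__main__":
    print(demo())
```

Run against the page's example values, the only finding is the sample password "welcome", which should be replaced before the configuration is used outside a test system.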